Dell 6.2 Server User Manual


 
305 | Roles and Policies Dell PowerConnect W-Series ArubaOS 6.2 | User Guide
Viewing the Current Exceptions List
To view the current bandwidth contract exception list, access the command-line interface in enable mode and issue
the command show vlan-bwcontract-explist. To view the preconfigured internal bandwidth contract exception
list, include the optional internal parameter, as shown in the example below:
Configuring Bandwidth Contract Exceptions
To add the MAC address of a protocol to the exception list for bandwidth contracts, access the command-line
interface in config mode and issue the command vlan-bwcontract-explist <mac-addr>.
The following example adds the MAC address for CDP (Cisco Discovery Protocol) and VTP (Virtual Trunking
Protocol) to the list of protocols that are not limited by VLAN bandwidth contracts.
(host)(config) #vlan-bwcontract-explist mac 01:00:0C:CC:CC:CC
Assigning User Roles
A client is assigned a user role by one of several methods. A role assigned by one method may take precedence over
one assigned by a different method. The methods of assigning user roles are, from lowest to highest precedence:
1. The initial user role or VLAN for unauthenticated clients is configured in the AAA profile for a virtual AP (see
Access Points (APs) on page 393).
2. The user role can be derived from user attributes upon the client’s association with an AP (this is known as a
user-derived role). You can configure rules that assign a user role to clients that match a certain set of criteria. For
example, you can configure a rule to assign the role VoIP-Phone to any client that has a MAC address that starts
with bytes xx:yy:zz. User-derivation rules are executed before client authentication.
3. The user role can be the default user role configured for an authentication method, such as 802.1x or VPN. For
each authentication method, you can configure a default role for clients who are successfully authenticated using
that method.
4. The user role can be derived from attributes returned by the authentication server and certain client attributes
(this is known as a server-derived role). If the client is authenticated via an authentication server, the user role for
the client can be based on one or more attributes returned by the server during authentication, or on client
attributes such as SSID (even if the attribute is not returned by the server). Server-derivation rules are executed
after client authentication.
5. The user role can be derived from Dell Vendor-Specific Attributes (VSA) for RADIUS server authentication. A
role derived from a Dell VSA takes precedence over any other user roles.
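The precedence order above can be modeled in a few lines to check which role a given client ends up with. This is an added illustration, not ArubaOS code or part of the original guide; the role names, MAC prefix, rule tables and attribute names are constructed sample values.

```python
# Illustrative model of the five-step role precedence described above.
# Not ArubaOS code: every rule, role name and attribute here is a constructed sample.
from dataclasses import dataclass, field
from typing import Optional

@dataclass
class Client:
    mac: str
    ssid: str
    auth_method: Optional[str] = None                  # None = not yet authenticated
    server_attrs: dict = field(default_factory=dict)   # attributes returned by the auth server
    vsa_role: Optional[str] = None                     # role carried in a vendor-specific attribute

INITIAL_ROLE = "logon"                               # 1. initial role from the AAA profile
USER_RULES = [("00:11:22", "VoIP-Phone")]            # 2. (MAC prefix, role), run before auth
DEFAULT_ROLES = {"802.1x": "authenticated"}          # 3. default role per authentication method
SERVER_RULES = [("Filter-Id", "staff", "employee")]  # 4. (attribute, value, role), run after auth

def resolve_role(c: Client):
    """Return (role, source), applying methods from lowest to highest precedence."""
    role, source = INITIAL_ROLE, "initial"
    for prefix, derived in USER_RULES:
        if c.mac.lower().startswith(prefix.lower()):
            role, source = derived, "user-derived"
            break
    if c.auth_method is None:
        return role, source          # methods 3-5 apply only after authentication
    if c.auth_method in DEFAULT_ROLES:
        role, source = DEFAULT_ROLES[c.auth_method], "auth-default"
    # Server-derivation rules may also match client attributes such as SSID.
    attrs = {**c.server_attrs, "SSID": c.ssid}
    for attr, value, derived in SERVER_RULES:
        if attrs.get(attr) == value:
            role, source = derived, "server-derived"
            break
    if c.vsa_role:                   # 5. a VSA-supplied role overrides everything else
        role, source = c.vsa_role, "vsa"
    return role, source

if __name__ == "__main__":
    samples = [
        Client("00:11:22:aa:bb:cc", "voice"),
        Client("aa:bb:cc:00:00:01", "corp", "802.1x", {"Filter-Id": "staff"}),
        Client("aa:bb:cc:00:00:02", "corp", "802.1x", {"Filter-Id": "staff"}, "contractor"),
    ]
    for s in samples:
        print(s.mac, "->", resolve_role(s))
```

Because user-derivation rules run before authentication, the role they assign rests only on attributes the client itself presents, such as its MAC address.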
The following sections describe the methods of assigning user roles.
Assigning User Roles in AAA Profiles
An AAA profile defines the user role for unauthenticated clients (initial role) as well as the default user role for MAC
and 802.1x authentication. To configure user roles in the AAA profile: